CVE-2023-0645 — Vulnetix

CVE-2023-0645 PUBLISHED CVSS 5.300000190734863 MEDIUM

An out of bounds read exists in libjxl. An attacker using a specifically crafted file could cause an out of bounds read in the exif handler. We recommend upgrading to version 0.8.1 or past commit https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159 https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159

EPSS 0.17% · 38.3th percentile

Risk Scores

CVSS v3.1

5.300000190734863

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.17%

38.3th percentile

Affected Products

Vendor	Product	Versions
Libjxl	Libjxl	0.7.0
libjxl_project	libjxl	0

Timeline

Apr 11, 2023 CVE Published
Apr 12, 2023 EPSS Score
May 20, 2023 EPSS Score
Jun 26, 2023 EPSS Score
Aug 3, 2023 EPSS Score
Sep 10, 2023 EPSS Score
Oct 17, 2023 EPSS Score
Nov 24, 2023 EPSS Score
Jan 1, 2024 EPSS Score
Feb 7, 2024 EPSS Score
Mar 16, 2024 EPSS Score
Apr 23, 2024 EPSS Score

References

https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159 url
https://github.com/libjxl/libjxl/pull/2101 url
https://nvd.nist.gov/vuln/detail/CVE-2023-0645 advisory

Open in Interactive Console →